r34748 MediaWiki - Code Review archive
Repository: MediaWiki
Revision: < r34747 | r34748 | r34749 >
Date: 18:31, 13 May 2008
Author: brion
Status: old
Tags:
Comment:
should be safe for now, but damn it's icky to dump raw variables into SQL and hope they were properly filtered several layers of code above. :)
Practice defensive programming at i/o layers... escape your SQL values
Modified paths:
/trunk/extensions/LinkSearch/LinkSearch_body.php (modified)
Diff
Index: trunk/extensions/LinkSearch/LinkSearch_body.php
—
—
@@ -119,7 +119,7 @@
120
120
121
121
$encSQL = '';
122
122
if ( isset ($this->mNs) && !$wgMiserMode )
123
- $encSQL = 'AND page_namespace=' . $this->mNs;
123
+ $encSQL = 'AND page_namespace=' . $dbr->addQuotes( $this->mNs );
124
124
125
125
$use_index = $dbr->useIndexClause( $clause );
126
126
return
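Review bot: on the changed line 123, addQuotes() escapes the value but emits the namespace as a quoted string literal in the comparison with page_namespace, so the expected type is still not stated anywhere in this function. Since $this->mNs is meant to be a namespace number, casting it with intval() here or where it is assigned would coerce anything non-numeric to an integer before it reaches the SQL fragment, and could be combined with the escaping rather than replacing it. The single-statement if on line 122 has no braces; bracing it would keep a later second statement from silently running unconditionally.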
Status & tagging log
15:26, 12 September 2011 Meno25 changed the status of r34748 [removed: ok added: old]